Privacy Policy

1. Data We Collect

Email address — required for magic-link authentication and transactional communications.

IP address — collected automatically for rate-limiting and fraud prevention. Not sold or used for advertising.

Operator-submitted content — shift notes, incident details, guest information, staff names, and any other text you submit to our AI generators. This content is used solely to produce your requested draft.

Payment data — processed by Square. We receive a transaction ID and subscription status; we do not store your card number, CVV, or full billing address.

2. How We Use Your Data

We use collected data to: generate your requested documents; deliver transactional emails (login links, receipts, draft notifications) via Brevo; process and manage your subscription or one-time payment through Square; detect and prevent fraud and abuse; and comply with applicable law.

We do not use your data for advertising, behavioral profiling, or sale to data brokers.

3. Third-Party Service Providers

Square — payment processing (subscriptions + one-time). Contact Square for card-data handling details.

Brevo — transactional email delivery.

Groq, Google Gemini, Anthropic Claude — AI inference. Your submitted inputs are transmitted to one or more of these providers to generate your draft. Each provider has its own data-use policy: Groq, Google, Anthropic. We do not train models on your data, but we cannot control provider-level retention policies — review their policies before submitting highly sensitive operational content.

Neon — database hosting (US-West region). Stores your account record, draft metadata, and subscription state.

Oracle Cloud Infrastructure — server hosting (US region). Hosts the NagareOps application.

4. Data Retention

Drafts — purged on a rolling 30-day basis. Drafts older than 30 days are automatically deleted.

Account records — retained for 7 years for tax and legal compliance, even after account closure.

Webhook events (Square payment events) — retained indefinitely for audit and dispute purposes.

IP logs — retained for 90 days for fraud and rate-limit analysis, then purged.

5. AI Inputs & Training

We do not train our own models on your submitted content. Your inputs are sent to third-party AI providers (Groq, Google Gemini, Anthropic) solely to generate your requested draft. Each provider's data policies govern how they handle API inputs — see the links in Section 3. If your content is particularly sensitive (e.g., named individuals in an incident report), review those policies before submitting.

6. Cookies & Session Storage

NagareOps sets a single session cookie (HTTP-only, SameSite=Strict) to maintain your logged-in state. No tracking cookies, no third-party ad pixels, no cross-site analytics are used. You can clear this cookie at any time via your browser settings, which will log you out.

7. Your Rights

California residents (CCPA/CPRA): You have the right to know what personal information we hold, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, email support@nagareops.jkcreative.store. We will respond within 45 days.

All users: You may request a copy of your account data or deletion of your account by emailing us. Account deletion removes your profile and queues your drafts for purge; payment records are retained per Section 4.

8. Children

NagareOps is intended for hospitality business operators and is not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such data, we will delete it promptly in compliance with COPPA.

9. Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users as required by Washington RCW 19.255.010 — within 30 days of discovery, or as quickly as practicable given law enforcement coordination requirements.

10. International Users

NagareOps is a US-based service. All data is stored and processed in the United States. We do not target EU residents and make no GDPR adequacy representations. If you are located outside the US, do not use the Service.

11. DMCA

If you believe content on NagareOps infringes your copyright, send a DMCA takedown notice to support@jkcreative.store with: (1) identification of the copyrighted work; (2) identification of the infringing material and its location; (3) your contact information; (4) a good-faith belief statement; (5) a statement of accuracy under penalty of perjury; and (6) your signature. Counter-notices may be submitted to the same address.

12. Changes to This Policy

We will provide 30 days' notice via email for material changes to this Privacy Policy. Continued use after the effective date constitutes acceptance of the updated policy.

13. Contact

Privacy inquiries: support@nagareops.jkcreative.store or support@jkcreative.store

JK.Creative LLC — Washington State